Inadequate Encryption Vulnerability in D-Link DIR-865L Ax Devices
CVE-2020-13785

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-865l Firmware
Vendor: CVE Published:; 3 June 2020

Summary

D-Link DIR-865L Ax devices running version 1.20B01 Beta are affected by an inadequate encryption vulnerability that could expose sensitive information to unauthorized access. This weakness arises from insufficient encryption protocols implemented within the device, potentially allowing attackers to exploit the deficiency and access private data being transmitted over the network. Users should be aware of this issue and consider taking preventive measures to secure their devices against potential threats.

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

https://unit42.paloaltonetworks.com/6-new-d-link-vulnerab...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2020
Vulnerability Reserved
Jun 3, 2020